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DETAILED ACTION 
Status of Claims 

This communication is in response to remarks and amendments filed on 12/6/2007. 
Claims 1, 7, 11-13, 15, 16, 18, 21, 24, 26, 29-32, 48, 54, 55, 57, 60-62 and 68-71 have been 
amended. Claims 4, 5, 10, 14, 17, 35-41, 43-47, 51, 56, 57 and 61 have been canceled. Claims 
1, 2, 6-8, 11-13, 15, 16, 18-34, 48, 49, 52-55, 58-60 and 62-84 remain pending. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identicaUy disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 2, 6-8, 11-13, 15, 16, 18-34, 48, 49, 52-55, 58-60 and 62-76 are rejected 
under 35 U.S.C. 103(a) as being unpatentable over Goertzel et al. (hereinafter Goertzel, US 
6,308,273 Bl) in view of Shaffer et al. (hereinafter Shaffer), US 7,167,553 B2 and Davis et 
al. (hereinafter Davis), US 6,282,522 Bl. 

1 . Goertzel discloses a system for enabling remote access to an application server, upon 
authentication of a location from which a user has sought access as an authorized location, for 
enabling processing of a fransaction requiring user location authentication, wherein the user 
location includes means for enabling the user to request remote access to the application server, 
the system comprising (column 1, line 55-column 2, line 13): 

■ a means for enabling a user to request remote access to the application server (columns 3- 
5, remote processing/devices for access) 
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• an access server, for receiving and processing a request for access to the application 
server from a user request enabling means, the server adapted to be located remote from 
the user's location (figure 4, 68 remote access server); 

• an authenticator for authenticating the geographic location of the user responsive to 
receipt of a processed request from the access server, the authenticator including a 
challenge and response system for authenticating the geographic location of the user and 
verifying an identity of the user base don security data, wherein the verifying the identity 
of the user includes issuing a challenge based on the security data (Fig 13, challenge 
response authentication protocol) and wherein the authenticator is adapted to be 
connected to the access server, (figure 4, 71 location detection mechanism; please note 
that adapted to language fails to provide a positive recitation of the step and therefore is 
not granted much patentable weight in claim interpretation - consider revising to 
"programmed to"); 

• means for interconnecting the access server and the authenticator (column 5, figure 5A-B, 
528 lookup number in database; coliimn 7, line 55-column 8, line 4). 

Goertzel does not explicitly disclose a first number authentication mechanism, wherein the 
first number authentication mechanism provides anti-circumvention protection that determines a 
geographic location of an originating number to prevent the user from connecting to the access 
server from a geographic location other than the user location and wherein the first number 
authenticating system relies on user input and does not rely on GPS. 

Shaffer, however, teaches a communication system and method wherein the location of a 
remote user is determined (columns 16-17). Furthermore, Shaffer utilizes ANI, DNIS and 
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geographic identifier in order to determine the identity and location of the caller (see also 
colunms 25-29). 

It would have been obvious to one of ordinary skill in the art, at the time of the invention to 
modify the security location discrimination system and methods disclosed by Goertzel and 
further utilize the location determination mechanism of Shaffer, in order to prevent unauthorized 
and illegal access and only service authorized locations, as per teaching of Shaffer (column 1-2). 

The above cited references do not teach a card having security data for identifying the user 
by verifying an identity of the user and a card reader connected to the means for enabling a user 
to request access to the application server at the user's geographic location including time out 
feature. David teaches an internet payment system using a smart card to verify the identity of the 
user at any location once the smart card is inserted into the reader for transaction processing (see 
abstract, fig 10 and associated text, column 3-4). It would have been obvious to one of ordinary 
skill in the art at the time of the invention to utilize Davis' invention to provide additional 
security measures in transaction processing while increasing efficiency and user convenience. 

Goertzel fiirther discloses : 
2. The system of claim 1 , wherein the authenticator comprises an authenticating server 
(figure 14 and associated text). 

6. The system of claim 1, wherein the interconnecting means comprise a network (figure 1 
and associated text). 
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7,45. The system of claim 2, wherein the authenticating server includes a database of 
authorized locations, for enabling verification of the location of the user as an authorized user 
location (figure 4, database or registered numbers 74) 

8. The system of claim 2, wherein the authenticating server comprises a Remote Access 
Dial-In User Service (RADIUS) server (figure 5B). 

36. The system of claim 3, wherein the user identity determining means comprise a challenge 
and response system (column 16, lines 35-47; figure 13). 

42. The system of claim 4, wherein the user presence insuring means 

comprise a card for identifying the user, and a reader for reading the user identifying card, 

adapted to be connected to the user access request enabling means at the user location (column 3- 

4). 

1 1 . The system of claim 5, wherein the user request enabling means comprise an interface 
station (figure 1 and associated text, API 36, monitor 47). 



12. The system of claim 5, wherein the user request enabling means comprise a client 
(column 4, lines 5-49). 
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13. The system of claim 5, wherein the user request enabling means include a location 
identifier (column 4, lines 50-column 6, line 50). 

15. The system of claim 5, wherein the user request enabling means include an identifier 

associated with the user's location, and the authenticator comprises means for authenticating the 
identifier associated with the user's location (column 4, lines 50-column 6, line 50). 

1 6. The system of claim 5, wherein the user request enabling means include a dialer, located 
at the user's location, and wherein the dialer includes a number associated therewith (Figure 5B) 

18. The system of claim 5, wherein the interconnecting means are fiirther adapted to 
interconnect the user request enabling means (figure 1, 2 and associated text). 

19. The system of claim 6, wherein the network comprises an intranet (figure 2 and 
associated text). 

20. The system of claim 6, wherein the network comprises the Internet (figure 2 and 
associated text). 

21 . The system of claim 8, fiirther comprising means for enabling the user to request remote 
access to the application server, wherein the authenticating server is fiirther adapted to issue a 
security challenge to the user request enabling means (see above cited corresponding sections). 
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23, 3 1 . The system of claim 16, wherein the authenticator comprises a number identifier for 
identifying the number associated with the dialer located at the user's location (see above cited 
corresponding sections). 

24, 32. The system of claim 16, wherein a dialing system includes a plurality of numbers each 
associated with one of a plurality of dialers adapted to enable dialing therefrom and each dialer 
associated with a different user location, and the authenticator further comprises means for 
identifying the first number dialed from in the dialing system (column 1). 

26, The system of claim 2 1 , wherein the user request enabling means are adapted to issue a 
response to the security challenge, and the authenticating means include a database for enabling 
verification of the response of the user request enabling means to the security challenge (see 
above cited corresponding sections). 

27, 33. The system of claim 23, wherein the number identifier comprises Automatic Number 
Identification (column 7, lines 55-59). 

28, 34. The system of claim 24, wherein the first number identifying means comprises Dialed 
Number Identification Services (Figure 5B). 
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29. The system of claim 26, wherein the authenticator is further adapted to verify the response of 
the user request enabling means to the security challenge based on the database in the 
authenticator, and to authorize access to the application server (see above cited corresponding 
sections). 

30. Goertzel discloses as detailed above, but does not explicitly disclose a first number 
authentication mechanism, wherein the first number authentication mechanism provides anti- 
circumvention protection that determines a physical location of an originating number to prevent 
the user from connecting to the access server from a physical location other than the user 
location and wherein the first number authenticating system is a non-global positioning satellite 
system. 

Shaffer, however, teaches a communication system and method wherein the location of a 
remote user is determined (columns 16-17). Furthermore, Shaffer utilizes ANI, DNIS and 
geographic identifier in order to determine the identity and location of the caller (see also 
columns 25-29). 

It would have been obvious to one of ordinary skill in the art, at the time of the invention to 
modify the security location discrimination system and methods disclosed by Goertzel and 
further utilize the location determination mechanism of Shaffer, in order to prevent unauthorized 
and illegal access and only service authorized locations, as per teaching of Shaffer (column 1-2). 

The above cited references do not teach a card having security data for identifying the user 
by verifying an identity of the user and a card reader connected to the means for enabling a user 
to request access to the application server at the user's geographic location including time out 



Application/Control Number: 10/033,716 Page 9 

Art Unit: 3621 

feature. David teaches an internet payment system using a smart card to verify the identity of the 
user at any location once the smart card is inserted into the reader for transaction processing (see 
abstract, fig 10 and associated text, colunm 3-4). It would have been obvious to one of ordinary 
skill in the art at the time of the invention to utilize Davis' invention to provide additional 
security measures in transaction processing while increasing efficiency and user convenience. 

48. Goertzel discloses as provided above, but does not exphcitly disclose a first number 
authentication mechanism, wherein the first number authentication mechanism provides anti- 
circumvention protection that determines a physical location of an originating number to prevent 
the user from connecting to the access server from a physical location other than the user 
location and wherein the first number authenticating system is a non-global positioning satellite 
system. 

Shaffer, however, teaches a communication system and method wherein the location of a 
remote user is determined (colimms 16-17). Furthermore, Shaffer utilizes ANI, DNIS and 
geographic identifier in order to determine the identity and location of the caller (see also 
columns 25-29). 

It would have been obvious to one of ordinary skill in the art, at the time of the invention to 
modify the seciirity location discrimination system and methods disclosed by Goertzel and 
fiirther utilize the location determination mechanism of Shaffer, in order to prevent unauthorized 
and illegal access and only service authorized locations, as per teaching of Shaffer (column 1-2). 

The above cited references do not teach a card having security data for identifying the user 
by verifying an identity of the user and a card reader connected to the means for enabling a user 
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to request access to the application server at the user's geographic location including time out 
feature. David teaches an internet payment system using a smart card to verify the identity of the 
user at any location once the smart card is inserted into the reader for transaction processing (see 
abstract, fig 10 and associated text, column 3-4). It would have been obvious to one of ordinary 

skill in the art at the time of the invention to utilize Davis' invention to provide additional 
security measures in transaction processing while increasing efficiency and user convenience. 

Claims 22, 25 and 69 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Goertzel et al. (liereinafter Goertzel), U.S. Patent 6,508,710 Bl. 

Goertzel discloses as detailed above but does not explicitly disclose a first number authentication 
mechanism, wherein the first number authentication mechanism provides anti-circumvention 
protection that determines a geographic location of an originating number to prevent the user 
from connecting to the access server from a geographic location other than the user location. 

Shaffer, however, teaches a communication system and method wherein the location of a 
remote user is determined (columns 16-17). Furthermore, Shaffer utilizes ANI, DNIS and 
geographic identifier in order to determine the identity and location of the caller (see also 
columns 25-29). 

It would have been obvious to one of ordinary skill in the art, at the time of the invention 
to modify the security location discrimination system and methods disclosed by Goertzel and 
further utiUze the location determination mechanism of Shaffer, in order to prevent unauthorized 
and illegal access and only service authorized locations, as per teaching of Shaffer (column 1-2). 

A cookie is a block of data that a server returns to a client in response to a request from 
the client and commonly used to identify a user and is thus old and well known in the computer 
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art. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
implement a cookie as part of the authentication process to efficiently verify the location 
information of a returning user for enabling access [US references 6,715,080; 6,606,708; 
6,51 1,339 fiirther support the examiner's contention that the use of a cookie for the above noted 
purpose is well-known in the art]. 

The above cited references do not teach a card having security data for identifying the user 
by verifying an identity of the user and a card reader connected to the means for enabling a user 
to request access to the application server at the user's geographic location including time out 
feature. David teaches an internet payment system using a smart card to verify the identity of the 
user at any location once the smart card is inserted into the reader for transaction processing (see 
abstract, fig 10 and associated text, column 3-4). It would have been obvious to one of ordinary 
skill in the art at the time of the invention to utilize Davis' invention to provide additional 
security measures in transaction processing while increasing efficiency and user convenience. 

Corresponding claims 49 and 52-55, 58-60, 62-76 are directed to a method of the above 
claimed invention and are therefore rejected as above. 

Although the Examiner has pointed out particular references contained in the prior art(s) of 
record in the body of this action, the specified citations are merely representative of the 
teachings in the art as applied to the specific limitations within the individual claim. Since 
other passages and figures may apply to the claimed invention as well, it is respectfully 
requested that the applicant, in preparing the response, to consider fully the entire references 
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as potentially teaching all or part of the claimed invention, as well as the context of the 
passage as taught by the prior arts or disclosed by the examiner. 

Response to Arguments 
Applicant's arguments with respect to amended claims have been considered but are moot 
in view of the new ground(s) of rejection. 

Conclusion 

THIS ACTION IS MADE FINAL. AppUcant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 . 1 36(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Bradley B. Bayat whose telephone number is 571-272-6704. The 
examiner can normally be reached on Tuesday-Friday 8 a.m. - 6:30 p.m.. 

If attempts to reach the examiner by telephone are unsuccessfiil, the examiner's 
supervisor, Andrew Fischer can be reached on 571-272-6779. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Bradley B Bayat/ 

Primary Examiner, Art Unit 3621 



